The short story:
I replaced a low end firewall with a 3Com Gigabit Firewall model 3CREVF100-73. The low end firewall had some static routes on it to redirect traffic for internal subnets to a different default gateway; however, the same settings on the 3Com do not seem to be taking. The traffic hits the internal side of the 3Com but instead of using the routes in the routing table, traffic dies.
Here is the long story:
I am replacing a low end firewall device with the 3Com Gigabit Firewall model 3CREVF100-73; however, I am having some internal routing issues.
Currently I have 4 subnets on my LAN. I have them configured on a 3Com 4250T stack and I use the 4200G Layer 3 switch as the gateway for the VLANs. Internet traffic is routed out through a low end firewall box that I am replacing with the 3Com Gigabit Firewall model 3CREVF100-73. The same(ish) settings do not seem to be working on the 3Com.
[Setup that was working last night]
Internet
|
(999.999.999.999 – External)
Low End Firewall (on VLAN 1)
(192.168.1.1 – Internal)
|
3Com 4200G
VLAN 1 Interface – 192.168.1.254
VLAN 2 Interface – 192.168.2.254
VLAN 3 Interface – 192.168.3.254
VLAN 4 Interface – 192.168.4.254
The low end firewall has static routes on it to point the .2.x, .3.x, and .4.x networks to the 4200G.
Destination – Subnet – Gateway – Metric – Private
192.168.2.0 – 255.255.255.0 – 192.168.1.254 – 10 – True
192.168.3.0 – 255.255.255.0 – 192.168.1.254 – 10 – True
192.168.4.0 – 255.255.255.0 – 192.168.1.254 – 10 – True
All computers on each VLAN use the 4200G as the default gateway and traffic routes fine between them. I have two servers that have a special configuration because they need to have ports forwarded to them from the firewall. For example my VPN server (192.168.1.50) has the firewall (192.168.1.1) as its default gateway and as I noted earlier, the firewall has the 4200G’s interface 192.168.1.254 as the default gateway for the routes .2.x, .3.x, and .4.x.
I replaced the old firewall with the 3CREVF100-73, but now when devices on the other subnets try to reach the servers that need the port forwarding through the firewall, they can’t reach them like before.
On the 3CREVF100-73 the only thing I set up was:
1. The WAN to LAN policies to forward the ports to the two servers (Working fine).
2. The Routing Policies:
Destination – Subnet – Gateway – Metric – Private
192.168.2.0 – 255.255.255.0 – 192.168.1.254 – 10 – True
192.168.3.0 – 255.255.255.0 – 192.168.1.254 – 10 – True
192.168.4.0 – 255.255.255.0 – 192.168.1.254 – 10 – True
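
The forward and return paths implied by the addresses and routes in the post, traced hop by hop. This is an added example, not the poster's configuration or either vendor's code; the client address 192.168.2.10, the node names and the function names are assumptions, and the firewall's WAN side is omitted.

```python
import ipaddress

# Addresses and static routes transcribed from the post. The client address
# 192.168.2.10 is constructed; the firewall's WAN side is left out.
SERVER, CLIENT = "192.168.1.50", "192.168.2.10"
INTERNAL_ROUTES = [(f"192.168.{n}.0/24", "192.168.1.254") for n in (2, 3, 4)]
NODES = {
    "client":   {"addrs": ["192.168.2.10/24"], "routes": [("0.0.0.0/0", "192.168.2.254")]},
    "4200G":    {"addrs": [f"192.168.{n}.254/24" for n in (1, 2, 3, 4)], "routes": []},
    "firewall": {"addrs": ["192.168.1.1/24"], "routes": INTERNAL_ROUTES},
    "server":   {"addrs": ["192.168.1.50/24"], "routes": [("0.0.0.0/0", "192.168.1.1")]},
}

def owner(ip):
    """Name of the node that holds this interface address."""
    for name, node in NODES.items():
        if any(str(ipaddress.ip_interface(a).ip) == ip for a in node["addrs"]):
            return name
    raise LookupError(f"no node owns {ip}")

def next_hop(name, dst):
    """Connected networks win; otherwise longest-prefix match on static routes."""
    target = ipaddress.ip_address(dst)
    node = NODES[name]
    if any(target in ipaddress.ip_interface(a).network for a in node["addrs"]):
        return dst  # destination is on-link, deliver directly
    matches = [(ipaddress.ip_network(p), gw) for p, gw in node["routes"]
               if target in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"{name} has no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(src, dst):
    """Ordered list of nodes a packet from src visits on its way to dst."""
    path, name = [src], src
    while name != owner(dst):
        if len(path) > 8:  # loop guard
            raise RuntimeError("routing loop")
        name = owner(next_hop(name, dst))
        path.append(name)
    return path

def seen_by(node):
    """Which directions of the client<->server flow cross the given node."""
    return {"request": node in trace("client", SERVER),
            "reply": node in trace("server", CLIENT)}

if __name__ == "__main__":
    print(" -> ".join(trace("client", SERVER)))
    print(" -> ".join(trace("server", CLIENT)))
    print("firewall sees:", seen_by("firewall"))
```

The firewall appears only on the reply path, so it forwards the server's replies without ever seeing the client's requests.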